Change Download Preference

CA20180802-01: Security Notice for CA API Developer Portal

Issued: August 02, 2018
Last Updated: August 02, 2018

CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability.

The vulnerability, CVE-2018-6590, occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.

Customers may use the CA API Developer Portal web interface to find the product version and review the information in the Affected and Unaffected Products sections to determine if the installation is vulnerable.

Solution

CA Technologies published the following solutions to address the vulnerability.